I have a question regarding the RAP Browser-Widget. I currently try to use a browser widget to load a cross-domain legacy webapp and use javascript as a communication layer.
But to allow the loaded webapp to communicate I tried to set up the domains being on subdomains of each other (a.domain.com and b.domain.com) and modified the document.domain on both sides to domain.com to allow the cross domain communication.

The legacy javascript calls (on domain B) now get permission to call javascript functions defined natively in the opened html (on domain A). But due to the modification of the document.domain, the BrowserFunctions used for Callbacks to the RAP webapp (on domain A) now say permission denied. As far as I understand, the browser widget itself is rendered into an iframe, so now the cross-domain policy prevents these calls.

Do I miss something, because I don't think the scenario of using a cross-domain target in the browser widget is that special, so I wonder someone must have solved this problem already.

I have to admit i had a bit of trouble understanding your scenario. Not
sure i do completely.

Regarding the Browser widget, it is simply a wrapper around an iframe,
so the standard security restrictions of modern browser apply. However,
it might not take into account any changes to document.domain. As far as
i understand it, it has to be set in both the parent frame (RAP) and the
iframe (document loaded in browser widget). You'd have to do that
manually for both.

I looked at the code, and in case the iframe is not yet fully loaded,
the widget uses the URL to determine if the document will be accessible
after it is loaded, without trying it first. If the iframe is already
loaded, this is done by trial and error, so you might want to try to use
a ProgressListener to wait until the document is loaded to create the
BrowserFunction. Perhaps that helps.

Greetings,
Tim

Am 16.11.2012 18:48, schrieb Thomas Weinstein:
> I have a question regarding the RAP Browser-Widget. I currently try to
> use a browser widget to load a cross-domain legacy webapp and use
> javascript as a communication layer.
> But to allow the loaded webapp to communicate I tried to set up the
> domains being on subdomains of each other (a.domain.com and
> b.domain.com) and modified the document.domain on both sides to
> domain.com to allow the cross domain communication.
>
> The legacy javascript calls (on domain B) now get permission to call
> javascript functions defined natively in the opened html (on domain A).
> But due to the modification of the document.domain, the BrowserFunctions
> used for Callbacks to the RAP webapp (on domain A) now say permission
> denied. As far as I understand, the browser widget itself is rendered
> into an iframe, so now the cross-domain policy prevents these calls.
>
> Do I miss something, because I don't think the scenario of using a
> cross-domain target in the browser widget is that special, so I wonder
> someone must have solved this problem already.
>
> Thank you in advance for any hints or tips.